Browser Ladder

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is mostly transparent, but it needs Review because it normalizes CAPTCHA/bot bypass and can automatically send requested URLs to a paid cloud browser once a token is configured.

Install only if you need browser automation and understand the cloud fallback model. Do not configure BROWSERLESS_TOKEN unless you want the paid Level 4 rung to be available. Avoid using cloud rungs for sensitive internal or authenticated pages unless the provider is approved, and force lower levels with --level whenever bypass or third-party rendering is not appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The script explicitly advertises Browserless as enabling CAPTCHA solving and bot-detection bypass, which expands the capability from ordinary browser automation into anti-abuse evasion. In the context of a generic browser-access skill, exposing and normalizing this bypass functionality increases the likelihood of misuse against sites that prohibit such access patterns.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill explicitly normalizes CAPTCHA and bot-detection bypass as a standard usage path without any warning about legality, site terms, account suspension, or organizational policy. In security-sensitive environments, that framing increases the chance of misuse and can facilitate unauthorized automation against protected targets.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The documentation tells users to place third-party API tokens in a .env file, but does not explain that cloud browser providers will process browsing content, session data, and possibly authenticated interactions. This omission can lead users to expose sensitive data to external services without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
Level 4 sends user-supplied URLs and potentially page-derived content to a third-party cloud browsing provider without an explicit consent gate or clear disclosure at runtime. In a browser automation skill, this is more dangerous because users may assume browsing happens locally while sensitive internal URLs, session-dependent pages, or proprietary content are transmitted off-host.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The script reads API keys with a normal interactive prompt, so the secrets may be echoed on-screen and captured by terminal history recordings, shoulder surfing, or session logs. It then stores them in a plaintext .env file without warning about filesystem exposure, increasing the chance of accidental disclosure.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The Browserless setup not only collects a sensitive token but also frames the feature as useful for CAPTCHA solving and bot-detection bypass without warning about policy, legal, or abuse implications. That messaging can encourage unsafe or non-compliant use of the credentialed service beyond routine browser automation.

Ssd 2

Severity: Medium
Confidence: 89%
Finding:
The skill describes anti-bot circumvention in normalized operational language, effectively presenting bypass capability as a routine feature rather than a high-risk exception. That context makes the content more dangerous because it lowers user caution and encourages escalation into behavior commonly associated with abuse.

Ssd 4

Severity: Medium
Confidence: 85%
Finding:
The ladder narrative gradually escalates from ordinary fetching to cloud-based anti-bot circumvention, which can desensitize users and make risky behavior feel like a natural next step. In practice, this lowers friction for abuse by embedding higher-risk actions into an otherwise benign workflow.

Ssd 2

Severity: Medium
Confidence: 94%
Finding:
The Browserless example explicitly states that CAPTCHA is handled automatically, which directly promotes automated bypass as part of normal operation. This is risky because it provides practical guidance for defeating access controls, not just general browser automation.

VirusTotal

64/64 vendors flagged this skill as clean.